Re: [PATCH] splice: fix user pointer access in get_iovec_page_array()

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: Pekka J Enberg <penberg@...>

Cc: <torvalds@...>, <linux-kernel@...>, <stable@...>, <jens.axboe@...>, <akpm@...>, <bastian@...>, <ndenev@...>, <oliver.pntr@...>

Subject: Re: [PATCH] splice: fix user pointer access in get_iovec_page_array()

Date: Sunday, February 10, 2008 - 7:37 pm

On Sun, Feb 10, 2008 at 04:47:57PM +0200, Pekka J Enberg wrote:
quoted text> From: Bastian Blank <bastian@waldi.eu.org>
> 
> The commit 8811930dc74a503415b35c4a79d14fb0b408a361 ("splice: missing user
> pointer access verification") added access_ok() to copy_from_user_mmap_sem()
> which only ensures we can copy the struct iovecs from userspace to the kernel
> but we also must check whether we can access the actual memory region pointed
> to by the struct iovec to close the local root exploit.
> 
> Cc: <stable@kernel.org>
> Cc: Jens Axboe <jens.axboe@oracle.com>
> Cc: Andrew Morton <akpm@linux-foundation.org>
> Signed-off-by: Pekka Enberg <penberg@cs.helsinki.fi>
> ---
> Bastian, can I have your Signed-off-by for this, please? Oliver, Niki, can 
> you please confirm this closes the hole?

Pekka, I confirm that it also closes the hole once backported to 2.6.22.

Willy

--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[PATCH] splice: fix user pointer access in get_iovec_page_ar..., Pekka J Enberg, (Sun Feb 10, 10:47 am)

[PATCH] vmsplice exploit fix (was: splice: fix user pointer ..., Daniel Phillips, (Mon Feb 11, 3:29 am)

Re: [PATCH] vmsplice exploit fix (was: splice: fix user poin..., Pekka Enberg, (Mon Feb 11, 3:49 am)

Re: [PATCH] vmsplice exploit fix (was: splice: fix user poin..., Daniel Phillips, (Mon Feb 11, 4:00 am)

Re: [stable] [PATCH] vmsplice exploit fix (was: splice: fix ..., Greg KH, (Mon Feb 11, 3:53 am)

Re: [stable] [PATCH] vmsplice exploit fix (was: splice: fix ..., Daniel Phillips, (Mon Feb 11, 4:05 am)

Re: [PATCH] splice: fix user pointer access in get_iovec_pag..., Willy Tarreau, (Sun Feb 10, 7:37 pm)

Re: [PATCH] splice: fix user pointer access in get_iovec_pag..., Oliver Pinter, (Mon Feb 11, 2:24 am)

Re: [PATCH] splice: fix user pointer access in get_iovec_pag..., Bastian Blank, (Sun Feb 10, 11:17 am)

Re: [PATCH] splice: fix user pointer access in get_iovec_pag..., Oliver Pinter, (Sun Feb 10, 11:31 am)


linux-kernel:
Rafael J. Wysocki	[Bug #11209] 2.6.27-rc1 process time accounting
Vitaly V. Bursov	Re: Slow file transfer speeds with CFQ IO scheduler in some cases
Greg KH	[GIT PATCH] driver core patches against 2.6.24
Ian Kent	[PATCH 1/4] autofs4 - check for invalid dentry in getpath
git:

linux-netdev:
David Miller	Re: [GIT]: Networking
David Miller	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Gerrit Renker	[PATCH 0/37] dccp: Feature negotiation - last call for comments
Linus Torvalds	Re: iptables very slow after commit 784544739a25c30637397ace5489eeb6e15d7d49
openbsd-misc:

Re: [PATCH] splice: fix user pointer access in get_iovec_page_array()

Online users